Change the X-Frame-Options to allow all domains
If you set it, then you can only set it to DENY, SAMEORIGIN, or ALLOW-FROM (a specific origin).
Allowing all domains is the default. Don't set the X-Frame-Options
header at all if you want that.
Note that the successor to X-Frame-Options
— CSP's frame-ancestors
directive — accepts a list of allowed origins so you can easily allow some origins instead of none, one or all.
Apache X-Frame-Options Allow-From multiple domains
Header always append X-Frame-Options ALLOW-FROM=site1
Header always append X-Frame-Options ALLOW-FROM=site2
Header always append X-Frame-Options ALLOW-FROM=site3
This way is OK.
But I got an error when i first using it.
Maybe i make a wrong character.
X-Frame-Options in nginx to allow all domains
Solved it by changing proxy_hide_header values in /etc/nginx/sites-available/default
file like so:
proxy_hide_header X-Frame-Options;
Needed to restart nginx
as well as use pm2
to restart my nodejs
server (for some reason, it didn't work till I made a small change to my server and restarted it).
How to set 'X-Frame-Options' on iframe?
You can't set X-Frame-Options
on the iframe
. That is a response header set by the domain from which you are requesting the resource (google.com.ua
in your example). They have set the header to SAMEORIGIN
in this case, which means that they have disallowed loading of the resource in an iframe
outside of their domain. For more information see The X-Frame-Options response header on MDN.
A quick inspection of the headers (shown here in Chrome developer tools) reveals the X-Frame-Options
value returned from the host.
Setting X-Frame-Options in PHP
Use below in your php file which outputs response to client side.
header("X-Frame-Options: DENY");
DENY will fully block. You may try SAMEORIGIN option also.
header("X-Frame-Options: SAMEORIGIN");
If you are using apache web server, you can directly set in httpd.conf also.
<Directory />
...
Header always set X-Frame-Options "SAMEORIGIN"
</Directory>
Related Topics
How to Tar a Directory Without Retaining the Directory Structure
How to Get Cron to Call in the Correct Paths
How to Remove the Lines Which Appear on File B from Another File A
How to Recursively Grep All Directories and Subdirectories
More Elegant "Ps Aux | Grep -V Grep"
How to Change 'Rpath' in an Already Compiled Binary
How to View the List of Functions a Linux Shared Library Is Exporting
My Shell Script Stops After Exec
How to Create a File With a Given Size in Linux
Linux/Unix Command to Determine If Process Is Running
Change the X-Frame-Options to Allow All Domains
How to Use Sudo to Redirect Output to a Location I Don't Have Permission to Write To
Bash Script Prints "Command Not Found" on Empty Lines
Peak Memory Usage of a Linux/Unix Process
How to Access Physical Addresses from User Space in Linux
How to Run a Perl Script as a System Daemon in Linux
How to Insert a Text At the Beginning of a File
Minimal Executable Size Now 10X Larger After Linking Than 2 Years Ago, For Tiny Programs